CLAIMS 



What is claimed is: 

1. A method of providing physical port security in a digital communication system, 
comprising the steps of: 

a. receiving a frame of digital data at a network device, 

b. generating a destination port bit map based on the destination address 
information contained in said frame of digital data, 

c. comparing said destination port bit map with a physical port security bit map 
to generate a bit map of allowed destination ports, 

d. forwarding said frame of digital data to one or more of said allowed 
destination ports. 

2. The method of claim 1, wherein the comparing step includes the step of conducting a 
logical AND on said destination port bit map and physical port security bit map. 

3. The method of claim 1, wherein said physical port security bit map is generated using 
source address information contained in said digital data frame. 

4. The method of claim 1, wherein said physical port security bit map is generated using 
destination address information contained in said digital data frame. 

5. The method of claim 1, wherein said physical port security bit map is generated using 
a combination of source and destination address information contained in said digital data 
frame. 

6. The method of claim 1, wherein said address information is IP address information. 

7. The method of claim 1, wherein the device that receives a frame of digital data is a 
router. 

8. The method of claim 1, wherein the device that receives the frame of digital data is a 
network file server. 

9. The method of claim 1, wherein the physical ports of the device that receives the 
frame of digital data are connected to a local area network. 

10. The method of claim 1, wherein the received frame of digital data is received from a 
process that is inside of said network device. 

11. The method of claim 1, wherein said physical port security bit map is generated 
dynamically based on a variable parameter. 

12. In an intermediate network device having a communications port for receiving digital 
data from a digital communications system and two or more physical data ports for 
forwarding said digital data, a system for providing physical port security in the digital 
communication system comprising: 

a processor that generates a destination port bit map based on the destination address 
information contained in said received digital data, compares said destination port bit 
map with a physical port security bit map to generate a bit map of allowed destination 
ports, and forwards said digital data to one or more of said allowed destination ports. 

13. The system of claim 12, wherein said microprocessor conducts a logical AND on said 
destination port bit map and physical port security bit map. 

14. The system of claim 12, wherein said physical port security bit map is generated 
using source address information contained in said digital data. 

15. The system of claim 12, wherein said physical port security bit map is generated 
using destination address information contained in said digital data. 

16. The system of claim 12, wherein said physical port security bit map is generated from 
a table of stored allowed physical port addresses that varies depending on a combination of 
source and destination address information contained in said digital data. 

17. The system of claim 12, wherein said address information is IP address information. 

18. The system of claim 12, wherein the device that receives the digital data is a router. 

19. The system of claim 12, wherein the device that receives the digital data is a network 
file server. 

20. The system of claim 12, wherein the physical ports of the device that receives the 
digital data are connected to a local area network. 

21. The system of claim 12, wherein the digital data is IP data. 

22. The system of claim 12, wherein the physical port security bit map is retrieved by the 
microprocessor based on IP source address contained in the digital data. 

23. The system of claim 12, wherein said network device is the source of said received 
digital data. 

24. The system of claim 12, wherein the physical port security bit map is dynamically 
altered based on a variable parameter. 
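
The following C sketch is an added illustration, not part of the claims or the patent's own disclosure. It walks steps b through d of claim 1 with the logical AND of claim 2 and a security bit map selected by source IP address (claims 3 and 22). The four-port device, the table contents, all function names, flooding for an unknown destination and denying an unknown source are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Constructed sample tables; addresses and port assignments are hypothetical. */
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))
#define ALL_PORTS 0x0Fu          /* device with four physical ports, bit n = port n */

struct map_entry { uint32_t addr; uint8_t ports; };

/* Destination address -> ports on which that destination is reachable. */
static const struct map_entry fwd_table[] = {
    { IP(10,0,0,5),   0x02 },      /* host behind port 1 */
    { IP(10,0,0,255), ALL_PORTS }  /* broadcast: every port */
};
/* Source address -> ports that source is permitted to send to. */
static const struct map_entry sec_table[] = {
    { IP(10,0,0,9),  0x03 },       /* may reach ports 0 and 1 */
    { IP(10,0,0,20), 0x0C }        /* may reach ports 2 and 3 */
};

static uint8_t lookup(const struct map_entry *t, size_t n, uint32_t addr, uint8_t dflt)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].addr == addr) return t[i].ports;
    return dflt;
}

/* Steps b and c: build both bit maps, then AND them. */
uint8_t allowed_ports(uint32_t src, uint32_t dst)
{
    /* Assumptions: unknown destination floods, unknown source is denied. */
    uint8_t dest_map = lookup(fwd_table, sizeof fwd_table / sizeof fwd_table[0], dst, ALL_PORTS);
    uint8_t sec_map  = lookup(sec_table, sizeof sec_table / sizeof sec_table[0], src, 0x00);
    return dest_map & sec_map;
}

/* Step d: send one copy per allowed port; returns the number of copies. */
int forward_frame(uint32_t src, uint32_t dst)
{
    uint8_t allowed = allowed_ports(src, dst);
    int sent = 0;
    for (int port = 0; port < 4; port++)
        if (allowed & (1u << port)) { printf("tx on port %d\n", port); sent++; }
    return sent;
}

int main(void) { return forward_frame(IP(10,0,0,9), IP(10,0,0,255)) == 2 ? 0 : 1; }
```

Because the security bit map defaults to all zeros, a frame from a source with no table entry is dropped even when its destination is known.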